cbcvebase.
CVE-2023-48786
published 2025-06-10

CVE-2023-48786: A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated…

medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.

Affected

8 ranges
VendorProductVersion rangeFixed in
fortinetforticlientems
fortinetforticlientems6.4.0 – 6.4.9
fortinetforticlientems6.4.7 – 6.4.9
fortinetforticlientems7.0.0 – 7.0.13
fortinetforticlientems>= 7.2.0 < 7.2.77.2.7
fortinetforticlientems7.2.0 – 7.2.2
fortinetforticlientems>= 7.4.0 < 7.4.37.4.3
fortinetfortinet